CVE-2019-9978CISA KEV: Actively Exploited

WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.

Public Exploits & PoCs17 found

PoC: CVE-2019-9978

CVE-2019-9978 - (PoC) RCE in Social WarFare Plugin (<=3.5.2)

15

PoC: CVE-2019-9978

CVE-2019-9978 - RCE on a Wordpress plugin: Social Warfare < 3.5.3

8

PoC: CVE-2019-9978

Wordpress Social Warfare Remote Code Execution (AUTO UPLOAD SHELL)

6

PoC: CVE-2019-9978

POC (RCE) -> CVE-2019-9978

2

PoC: CVE-2019-9978-Social-Warfare-WordPress-RCE

A complete walkthrough and exploit for CVE-2019-9978 - Unauthenticated Remote Code Execution in Social Warfare WordPress plugin ≤ 3.5.2. Includes vulnerable code analysis and payload examples.

PoC: Vuln_Remediation_MegaQuagga

Remediation report for MegaQuagga Publishing validating the mitigation of CVE-2019-9978 through progressive defensive layering. Documents reverse proxy insertion, ModSecurity WAF deployment, Graylog SIEM integration, and SSL/TLS enforcement using multi-stage Wireshark PCAP analysis across pfSense WAN and LAN interfaces.

PoC: Vuln_Exploitation_MegaQuagga_Pentest

Penetration test report for MegaQuagga Publishing documenting a six-phase engagement that chained CVE-2019-9978 and CVE-2023-4842 to achieve unauthenticated Remote Code Execution and a persistent Meterpreter session. Includes full methodology, exploitation evidence, and prioritized remediation recommendations.

PoC: MegaQuagga_Pentesting_Report

Web application penetration testing project targeting a WordPress environment. Includes exploitation of CVE-2019-9978, reverse shell execution, post-exploitation steps, and full pentesting report.

PoC: CVE-2019-9978-RCE-PoC

A custom Python proof-of-concept showcasing root-cause analysis and exploitation of CVE 2019-9978 (Social Warfare plugin),focusing on practical RFI to RCE attack flow.

PoC: payloadCVE-2019-9978

payload txt

PoC: CVE-2019-9978-Social-Warfare-WordPress-Plugin-RCE

The `swp_debug` parameter in `admin-post.php` allows remote attackers to include external files containing malicious PHP code, which are evaluated on the server. By supplying a crafted URL that hosts a reverse shell payload, an attacker can gain command execution.

PoC: CVE-2019-9978

A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3.

PoC: cve-2019-9978

cve-2019-9978 PoC

PoC: CVE-2019-9978-Python3

python3 version of the CVE-2019-9978 exploit

PoC: CVE-2019-9978

Remote Code Execution in Social Warfare Plugin before 3.5.3 for Wordpress.

PoC: CVE-2019-9978_Exploit

Social WarFare Plugin (<=3.5.2) Remote Code Execution

PoC: cve-2019-9978

cve-2019-9978

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free